Why Use Privileged Identity Management (PIM) If You Can Just Elevate Access?

Asked By TechSavvy42 On

I've been hearing a lot about Privileged Identity Management (PIM) ever since our recent Intune Stryker incident. My boss is keen on implementing it, but when I checked out some tutorials, I couldn't help but wonder how it actually boosts security. It seems like I can just navigate to PIM in Azure and gain access to any role for a set amount of time with just a click. If I can simply elevate my permissions whenever I want, it feels like there's just one extra step between not having admin access and having it.

In our small team of three admins and two bosses, we're all using Global Admin accounts (yeah, I know it's risky). I'm curious how others have set up PIM in their environments. For instance, could I create one master account that nobody uses daily, secure it with a YubiKey, and make it the approver for elevation requests? Then, we could all request the necessary role elevation in the morning, have that master account approve our requests, and get to work for the day? Any insights would be appreciated!

2 Answers

Answered By CoderNinja89 On

PIM really shines in terms of timing, auditing, and conditional access. You can set rules on who can elevate access, when, and from what locations. It’s all about adding layers to your security.

Answered By SecureAdmin42 On

Using PIM also lets you implement multi-admin approval if you configure it right. Plus, if you enable authentication contexts for PIM, you can require things like multi-factor authentication. Even if you don’t set it up to the max, the benefit of reducing standing privileges means fewer chances for accidental changes or breaches, plus you get valuable auditing features.

UserSkeptic99 -

I totally agree! The authentication context feature isn't utilized enough; it could really enhance security.
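One concrete way to set up what the two answers describe (an approver, a justification, an authentication context for MFA, and a bounded activation window) on the Global Administrator role, as an added example that is not code from either answerer. It uses Invoke-MgGraphRequest from the Microsoft.Graph PowerShell SDK against Graph's roleManagementPolicies API; the approver object id and the authentication context id are placeholders, and the role template id is the well-known directory value for Global Administrator.

```powershell
# Added example: tighten the PIM activation policy for Global Administrator so that every
# activation needs an approver, a justification, a Conditional Access authentication context
# (whose CA policy is where MFA strength is enforced) and expires after at most 8 hours.
# Needs the Microsoft.Graph PowerShell SDK and the RoleManagementPolicy.ReadWrite.Directory scope.
Connect-MgGraph -Scopes 'RoleManagementPolicy.ReadWrite.Directory'

$approverId   = '<object-id-of-the-yubikey-protected-approver-account>'   # placeholder
$authContext  = '<authentication-context-id, e.g. c1>'                    # placeholder
$gaTemplateId = '62e90394-69f5-4237-9190-012177145e10'                   # Global Administrator template

# Locate the role management policy that governs Global Administrator at directory scope ('/').
$filter = "scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '$gaTemplateId'"
$uri = "https://graph.microsoft.com/v1.0/policies/roleManagementPolicyAssignments?`$filter=$filter"
$policyId = (Invoke-MgGraphRequest -Method GET -Uri $uri).value[0].policyId

# Every rule below targets end-user activation (caller EndUser, level Assignment).
$target = @{ '@odata.type' = '#microsoft.graph.unifiedRoleManagementPolicyRuleTarget'
             caller = 'EndUser'; operations = @('All'); level = 'Assignment'
             inheritableSettings = @(); enforcedSettings = @() }

$rules = @(
  # Activation can last at most 8 hours; the role drops away again without anyone remembering to remove it.
  @{ '@odata.type' = '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule'
     id = 'Expiration_EndUser_Assignment'; isExpirationRequired = $true; maximumDuration = 'PT8H'; target = $target },
  # Justification is required; MFA is handled by the authentication context rather than the enablement rule.
  @{ '@odata.type' = '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule'
     id = 'Enablement_EndUser_Assignment'; enabledRules = @('Justification'); target = $target },
  # Activation must satisfy the Conditional Access policy bound to this authentication context.
  @{ '@odata.type' = '#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule'
     id = 'AuthenticationContext_EndUser_Assignment'; isEnabled = $true; claimValue = $authContext; target = $target },
  # A single approver (the account nobody uses day to day) must approve each activation.
  @{ '@odata.type' = '#microsoft.graph.unifiedRoleManagementPolicyApprovalRule'
     id = 'Approval_EndUser_Assignment'; target = $target
     setting = @{ '@odata.type' = '#microsoft.graph.approvalSettings'
                  isApprovalRequired = $true; isRequestorJustificationRequired = $true; approvalMode = 'SingleStage'
                  approvalStages = @(@{ approvalStageTimeOutInDays = 1; isApproverJustificationRequired = $true
                                        isEscalationEnabled = $false
                                        primaryApprovers = @(@{ '@odata.type' = '#microsoft.graph.singleUser'
                                                                userId = $approverId }) }) } }
)

foreach ($rule in $rules) {
  Invoke-MgGraphRequest -Method PATCH -ContentType 'application/json' `
    -Uri "https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/$policyId/rules/$($rule.id)" `
    -Body ($rule | ConvertTo-Json -Depth 10)
}
```

Each activation and approval then appears in the PIM audit history, which is the auditing benefit both answers mention; the same rule ids apply to other directory roles if you swap the template id.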
